To provide insight into the challenges faced by CISOs following a breach, cybersecurity firm Trellix surveyed over 500 security executives globally, revealing strategic analysis, eye-opening data, and practical viewpoints.
In their analysis, the Trellix researchers revealed that 96% of CISOs (who have suffered at least one security incident) believe in the need for improvements. However, 52% of the respondents claim that their organizations have meagre to no technical knowledge on how to tackle challenging security incidents.
According to the aforementioned survey, 48% of security leaders believe that their organizations are majorly based on manual processes, which eventually makes it more difficult to identify and fix cyberattacks quickly.
Moreover, 44% of respondents attribute the inability to tackle cybercrime to inadequately documented and executed procedures, while 44% caution that disjointed security controls result in a deficiency of context.
According to Jake Moore, global cybersecurity adviser at ESET, better investment in security is significantly crucial for companies, taking into account the increased sophistication in cyber activities.
"Furthermore, now with the introduction of AI threats we are seeing cyberattacks become even more relentless and powerful[…]Companies need to bear in mind that the cost of recovery from an attack usually outweighs the cost of preventive security measures,” he says.
Organizations find it challenging to identify and address cybersecurity problems due to a lack of technological resources, but it can also be challenging when security professionals are overworked or underequipped. More than half of those surveyed (52%) said that their organization's security problems were caused by vulnerabilities in their security capabilities.
However, nearly half of the respondents that they had not properly enabled their detection policies or configured their IT stacks. Forty percent more claimed that their security and IT systems do not provide "adequate visibility" of occurrences.
Moore further warns, "Neglecting cybersecurity in terms of the people and process can leave a business dangerously exposed to preventable or mitigable attacks with potentially severe consequences."
The framework was developed in response to the collapse of the cryptocurrency markets in 2022, which caused authorities worldwide to step up their efforts to establish or enforce protections and left businesses and investors worried about the future of cryptocurrencies.
These new regulations involve the authorities seeking necessary permits and licenses in order to provide users with one or more crypto-related services in Dubai. The framework is accompanied by seven activity-based rulebooks that specify standards based on the type of service supplied and four mandatory rulebooks for service providers, which Talal Tabbaa, founder of the regional cryptocurrency exchange CoinMENA, hailed as being "elegantly designed."
Dubai is one among the seven emirates of the United Arab Emirates with a goal to emerge as a global hub for crypto and blockchain activities, and in order to accomplish this it was courting companies to systemize the jurisdiction even before publishing its strategized rules for the sector.
In the wake of the new rules being published, the institutional crypto custody provider Hex Trust became one of the first to receive an operational green light from the emirate's watchdog, the Virtual Asset Regulation Authority. Stating the time before VARA, which was established in 2022, Mohamed Reda El Sheikh, head of compliance at Hex Trust for the Middle East and North Africa (MENA) says "We were waiting for a licensing framework. We were waiting for somebody with interest to take the responsibility."
However, these new regulations set up by Dubai are still a work in progress, because of their comprehensive nature, which allows for potential development. The emerging hub's new regulatory structure also reveals the expense of compliance in the area, which may make it more difficult for start-up businesses to locate there.
While Tabbaa called the licencing costs "peanuts" when compared to other operating costs like hiring staff or maintaining offices locally, and compliance fees are not something crypto companies focus on when looking to enter a market, even he acknowledges that some of Dubai's fees can be viewed as being on the expensive side.
A company seeking to provide exchange services is required to pay an application cost of 100,000 UAE dirham (US$27,200) and an annual supervision fee that is double that amount, says the document. The application fee does not guarantee acceptance, and if the business wishes to provide additional services such as custody, lending, or payments, it must submit additional licensing applications (at a 50% reduction off the application charge) and pay additional monitoring fees.
For comparison, the application fee in Abu Dhabi, another emirate of the UAE, is $20,000, while the yearly monitoring fee is $15,000. However, the Abu Dhabi Global Market (ADGM) stated in an email to CoinDesk that goes up if businesses seek to provide additional kinds of assets.
“Apart from any tokenized securities, under ADGM’s regulations, any crypto exchange that operates a spot or derivative market in relation to virtual assets (which include cryptocurrencies such as bitcoin and ether) will have to apply for a Multilateral Trading Facility license,” the ADGM said. Companies that are likely to operate MTFs must pay an application fee of $125,000 and an annual supervision fee of $60,000.
In Singapore, crypto exchanges that are not involved in fiat currencies usually apply for a Major Payments Institution license (for digital payment token service), which comes with a 10,000 Singapore dollar ($7,500) annual fee. Wherein, New York's BitLicense comes with a $5,000 application fee, although companies have reported bearing a cost of around $100,000 for time allocation, and legal and compliance fees.
Dubai’s fees, on the other hand, are much more reasonable for larger companies. Although, it may not be very sustainable for startups, says Irina Heaver, a crypto lawyer based in the UAE.
“However, I fully agree that Dubai needed to step up and to regulate the space, with so many bottom feeding scammers trying to establish here, enough is enough. Hopefully, these regulations will be used to really target those bad players,” Heaver said.